Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS3320.roa
File:                     AS3320.roa (raw, json)
Hash identifier:          e1MeoklQBD7bQLUpnLY4hG07sQgDaApFF/Eo5NyROuM=
Subject key identifier:   AB:A0:F5:D8:92:5A:85:9D:00:EB:DE:5E:0D:48:0C:F3:A0:D5:2C:4E
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       1005D3FDA7A6C88BD21B52A7CB3DBA1342CCEBCE
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS3320.roa
Signing time:             Thu 13 Mar 2025 18:40:18 +0000
ROA not before:           Thu 13 Mar 2025 18:35:18 +0000
ROA not after:            Thu 12 Mar 2026 18:40:18 +0000
asID:                     3320
IP address blocks:        81.31.210.0/23 maxlen: 24
                          185.195.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 09:24:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            10:05:d3:fd:a7:a6:c8:8b:d2:1b:52:a7:cb:3d:ba:13:42:cc:eb:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: Mar 13 18:35:18 2025 GMT
            Not After : Mar 12 18:40:18 2026 GMT
        Subject: CN=ABA0F5D8925A859D00EBDE5E0D480CF3A0D52C4E
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:6e:29:ad:be:e4:45:b3:79:5f:83:55:54:d9:
                    c2:6b:f7:52:2f:6e:d4:19:c2:30:57:b8:1b:78:d0:
                    b6:bd:85:a4:15:5e:ca:dc:2b:f4:3a:da:fc:26:ad:
                    1b:95:5c:0f:bd:3d:0b:7c:2f:85:2a:33:8c:e1:23:
                    03:78:2e:ab:4c:2d:a5:e2:02:ec:f4:fc:c6:26:ef:
                    9e:bb:f6:7e:fc:4c:4d:cc:32:20:bd:cf:53:1a:88:
                    16:3b:c4:a8:48:46:52:fe:1c:12:83:7b:30:62:66:
                    c2:98:a0:13:35:ed:d5:71:ee:4e:23:3d:61:84:dd:
                    d1:d7:63:68:b8:9f:33:3e:49:79:ce:7c:68:8b:e1:
                    f1:bb:81:03:b1:b6:46:6f:38:d2:d1:fb:aa:e8:2a:
                    a0:05:62:ba:53:81:2c:0e:fc:a5:13:50:59:10:4e:
                    e6:88:f0:fa:97:ed:7b:ec:fe:ae:be:ad:6e:a2:d1:
                    54:82:77:d4:57:0e:4e:0a:80:43:9c:cd:8a:ee:5a:
                    91:3b:92:9d:c2:a5:f2:cd:18:76:40:38:9c:ca:5d:
                    1b:47:60:91:1f:d7:79:2e:d7:92:c3:a2:9d:6c:7f:
                    d7:c2:33:12:16:18:63:eb:4e:cc:a4:35:76:5d:c5:
                    fa:46:92:76:bd:02:c0:7c:75:c1:4a:b3:2b:c1:9b:
                    84:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:A0:F5:D8:92:5A:85:9D:00:EB:DE:5E:0D:48:0C:F3:A0:D5:2C:4E
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS3320.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.210.0/23
                  185.195.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:67:97:b9:0d:34:c3:d1:93:61:76:09:6d:a9:b8:f8:31:a6:
         94:98:f3:60:78:19:63:4d:54:76:76:39:83:ae:73:96:df:3b:
         29:26:4c:6b:ad:37:a5:32:bd:ed:95:f1:20:b3:cc:75:7e:fc:
         f3:dd:eb:69:81:31:60:a1:3f:05:47:a7:fd:34:bf:e5:d0:03:
         e1:fd:7d:c3:a9:40:66:cf:a4:04:a3:60:e1:84:66:3d:2d:59:
         af:9f:82:cf:7e:eb:31:e1:11:30:fe:19:ed:02:31:f6:03:e4:
         d1:40:44:b9:7e:5f:aa:63:b2:60:2f:5d:04:c9:89:87:03:bf:
         d3:62:f1:ca:a1:ed:13:12:be:21:58:a1:46:09:dc:dc:53:ec:
         de:25:dd:82:d2:7c:53:9a:92:41:ff:f0:e1:ce:26:d3:ae:6d:
         14:57:b0:b7:a2:11:52:55:cf:24:c6:c1:cd:51:3f:28:e9:71:
         63:47:d1:fd:c6:ae:94:ae:e8:02:ea:dc:82:0a:90:31:c5:71:
         95:76:c2:97:bb:63:88:f4:81:9a:ef:69:09:3d:55:8a:05:1c:
         2c:3e:58:3c:93:d7:37:22:a5:16:e6:be:73:88:32:98:65:7a:
         46:33:9c:5c:a4:81:c6:d7:21:ec:72:72:99:33:04:97:c5:df:
         e6:65:9a:a7
-----BEGIN CERTIFICATE-----
MIIE6TCCA9GgAwIBAgIUEAXT/aemyIvSG1Knyz26E0LM684wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNTAzMTMxODM1MThaFw0yNjAzMTIxODQwMThaMDMxMTAvBgNV
BAMTKEFCQTBGNUQ4OTI1QTg1OUQwMEVCREU1RTBENDgwQ0YzQTBENTJDNEUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCbbimtvuRFs3lfg1VU2cJr91Iv
btQZwjBXuBt40La9haQVXsrcK/Q62vwmrRuVXA+9PQt8L4UqM4zhIwN4LqtMLaXi
Auz0/MYm75679n78TE3MMiC9z1MaiBY7xKhIRlL+HBKDezBiZsKYoBM17dVx7k4j
PWGE3dHXY2i4nzM+SXnOfGiL4fG7gQOxtkZvONLR+6roKqAFYrpTgSwO/KUTUFkQ
TuaI8PqX7Xvs/q6+rW6i0VSCd9RXDk4KgEOczYruWpE7kp3CpfLNGHZAOJzKXRtH
YJEf13ku15LDop1sf9fCMxIWGGPrTsykNXZdxfpGkna9AsB8dcFKsyvBm4TfAgMB
AAGjggHzMIIB7zAdBgNVHQ4EFgQUq6D12JJahZ0A695eDUgM86DVLE4wHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBuBggrBgEF
BQcBCwRiMGAwXgYIKwYBBQUHMAuGUnJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MzMyMC5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB
/wQWMBQwEgQCAAEwDAMEAVEf0gMEALnD7zANBgkqhkiG9w0BAQsFAAOCAQEAOGeX
uQ00w9GTYXYJbam4+DGmlJjzYHgZY01UdnY5g65zlt87KSZMa603pTK97ZXxILPM
dX78893raYExYKE/BUen/TS/5dAD4f19w6lAZs+kBKNg4YRmPS1Zr5+Cz37rMeER
MP4Z7QIx9gPk0UBEuX5fqmOyYC9dBMmJhwO/02LxyqHtExK+IVihRgnc3FPs3iXd
gtJ8U5qSQf/w4c4m065tFFewt6IRUlXPJMbBzVE/KOlxY0fR/caulK7oAurcggqQ
McVxlXbCl7tjiPSBmu9pCT1VigUcLD5YPJPXNyKlFua+c4gymGV6RjOcXKSBxtch
7HJymTMEl8Xf5mWapw==
-----END CERTIFICATE-----